Class: Scanny::Checks::XssLoggerCheck

Inherits:

Check

• Object
• Check
• Scanny::Checks::XssLoggerCheck

Defined in:

lib/scanny/checks/xss/xss_logger_check.rb

Overview

Check for logger methods that are called with request params or a dynamic string. This allows us to avoid executing dangerous code.

Instance Method Summary

• #check(node) ⇒ Object
• #pattern ⇒ Object

Methods inherited from Check

#compiled_pattern, #issue, #strict?, #visit

Instance Method Details

#check(node) ⇒ Object

# File 'lib/scanny/checks/xss/xss_logger_check.rb', line 13

def check(node)
  issue :low, warning_message, :cwe => [20, 79]
end

#pattern ⇒ Object

# File 'lib/scanny/checks/xss/xss_logger_check.rb', line 6

def pattern
  [
    pattern_logger_with_params,
    pattern_dynamic_string,
  ].join("|")
end